Virtual Private Cloud: Subnet routing

Last Updated: Apr 22, 2024

You can create a custom route table in a virtual private cloud (VPC) and add custom routes to the custom route table. Then, you can associate the custom route table with a vSwitch to control the traffic of the vSwitch. This facilitates network management. The preceding operations are referred to as subnet routing.

Background information

Before you perform subnet routing, take note of the following limits:

  • Each VPC can contain at most 10 route tables including the system route table.

  • Each vSwitch can be associated with only one system route table or one custom route table.

Prerequisites

A VPC and a vSwitch are created. For more information, see Create a VPC with an IPv4 CIDR block.

Step 1: Create a custom route table

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click Route Tables.

  3. In the top navigation bar, select the region where you want to create a custom route table.

  4. On the Route Tables page, click Create Route Table.

  5. On the Create Route Table page, set the following parameters and click OK.

    Resource Group: Select the resource group to which the custom route table belongs.

    Tag Key: Enter a tag key for the custom route table. You can specify up to 20 tag keys. A tag key can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.

    Tag Value: Enter a tag value for the custom route table. You can specify at most 20 tag values. A tag value can be up to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.

    VPC: Select the virtual private cloud (VPC) to which the custom route table belongs.

      Note: The custom route table feature is an advanced VPC feature. If your VPC does not support custom route tables, contact Alibaba Cloud engineers.

    Associated Resource Type: Select the type of the resource with which you want to associate the route table.

      • vSwitch: applies to a vSwitch.

      • Border Gateway: applies to a border gateway in the inbound direction.

    Name: Enter a name for the custom route table.

    Description: Enter a description for the custom route table.

    After the custom route table is created, you can go to the Route Tables page to view the route table. Custom is displayed in the Route Table Type column of the route table. The following system routes are automatically added to the custom route table:

    • A route whose destination CIDR block is 100.64.0.0/10. This route is used for communication among cloud resources within the VPC.

    • A route destined for the CIDR block of a vSwitch of the VPC to which the route table belongs. This route is used for communication between cloud resources within the vSwitch.

    For example, the CIDR block of your VPC is 192.168.0.0/16 and you created two vSwitches whose CIDR blocks are 192.168.1.0/24 and 192.168.0.0/24 in the VPC. The custom route table that you created for your VPC includes the following system routes. The "-" sign in the following table indicates the VPC.

    Destination CIDR block    Next Hop    Type
    100.64.0.0/10             -           System route
    192.168.1.0/24            -           System route
    192.168.0.0/24            -           System route

Step 2: Add a custom route to the custom route table

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click Route Tables.

  3. In the top navigation bar, select the region to which the custom route table belongs.

  4. On the Route Tables page, find the custom route table that you want to manage and click its ID.

  5. On the details page, choose Route Entry List > Custom Route and click Add Route Entry.

  6. In the Add Route Entry dialog box, configure the following parameters and click OK.

    Name: Enter a name for the custom route.

    Resource Group: Select the resource group to which the next hop belongs.

    Destination CIDR block: Enter the destination CIDR block.

    • IPv4 CIDR Block: The destination CIDR block is an IPv4 CIDR block.

    • IPv6 CIDR Block: The destination CIDR block is an IPv6 CIDR block.

      Note

      If the selected route table is a system route table and the object to be associated is a custom route table of a vSwitch, you can set Destination CIDR Block to IPv6 CIDR Block. For more information about the regions that support IPv6 CIDR blocks, see Regions that support VPC features.

    • VPC Prefix List: The destination CIDR block belongs to a prefix list. For more information, see Prefix list overview.

    Next Hop Type: Select a next hop type. Valid values:

    The following types of next hop are supported if Destination CIDR Block is set to IPv4 CIDR Block or VPC Prefix List:

    • IPv4 Gateway: Traffic destined for the destination CIDR block is routed to a specified IPv4 gateway.

    • NAT Gateway: Traffic destined for the destination CIDR block is routed to a specified NAT gateway. For more information, see What is NAT Gateway?

    • VPC Peering Connection: Traffic destined for the destination CIDR block is routed to a specified VPC peering connection. For more information, see Overview of VPC peering connections.

    • Transit Router: Traffic destined for the destination CIDR block is routed to a specified transit router. For more information, see How transit routers work.

    • VPN Gateway: Traffic destined for the destination CIDR block is routed to a specified VPN gateway. For more information, see What is VPN Gateway?

    • ECS Instance: Traffic destined for the destination CIDR block is routed to the specified Elastic Compute Service (ECS) instance. For more information, see What is ECS? Select this type if you want to route traffic to a specified ECS instance for centralized traffic forwarding and management. For example, you can configure an ECS instance as the Internet-facing gateway to route traffic from other ECS instances to the Internet.

    • ENI: Traffic destined for the destination CIDR block is routed to a specified elastic network interface (ENI). For more information, see ENI overview.

    • HaVip: Traffic destined for the destination CIDR block is routed to the specified high-availability virtual IP address (HAVIP). For more information, see HAVIPs.

    • Router Interface (To VBR): Traffic destined for the destination CIDR block is routed to the router interface that is associated with a virtual border router (VBR). For more information, see What is a VBR?

      Select this type if you want to connect the VPC to a data center through Express Connect circuits.

      If you select Router Interface (To VBR), you must also select a routing mode. Supported modes:

      • General Routing: Select an associated router interface.

      • Active/Standby Routing: Select two instances as the next hops. The active route has a weight of 100 and the standby route has a weight of 0. The standby route takes over if the active route fails health checks.

      • Load Balancing Routing: Select two to eight instances as the next hops. The instances must have the same weight, which must be an integer from 0 to 255. Network traffic is evenly distributed to the next hops.

    • Router Interface (To VPC): Traffic destined for the destination CIDR block is routed to the specified VPC. For more information, see What is a VPC?

    • ECR: Traffic destined for the destination CIDR block is routed to the specified Express Connect Router (ECR). For more information, see ECR.

    If the region of the route table supports IPv6 CIDR blocks and you select IPv6 CIDR Block for Destination CIDR Block, the following next hop types are supported:

    • ECS Instance: Traffic destined for the destination CIDR block is routed to the specified ECS instance. For more information, see What is ECS? Select this type if you want to route traffic to a specified ECS instance for centralized traffic forwarding and management. For example, you can configure an ECS instance as the Internet-facing gateway to route traffic from other ECS instances to the Internet.

    • IPv6 Gateway: Traffic destined for the destination CIDR block is routed to the specified IPv6 gateway. For more information, see What is an IPv6 gateway?

    • ENI: Traffic destined for the destination CIDR block is routed to a specified ENI. For more information, see ENI overview.

    • Router Interface (To VBR): Traffic destined for the destination CIDR block is routed to the router interface that is associated with a VBR. For more information, see Peering connections.

      Select this type if you want to connect the VPC to a data center through Express Connect circuits.

      If you select Router Interface (To VBR), you must also select a routing mode. Supported modes:

      • General Routing: Select an associated router interface.

      • Load Balancing Routing: Select two to eight instances as the next hops. The instances must have the same weight, which must be an integer from 0 to 255. Network traffic is evenly distributed to the next hops.

    • ECR: Traffic destined for the destination CIDR block is routed to the specified ECR. For more information, see ECR.

    • VPC Peering Connection: Traffic destined for the destination CIDR block is routed to a specified VPC peering connection. For more information, see Overview of VPC peering connections.

    After you specify Next Hop Type, you can select an instance as the next hop.

    You can also go to the product page to create an instance.

    Description: Enter a description for the custom route.
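The next hop rules in the table above can be checked before a route is submitted. The following is an added example written for this page, not Alibaba Cloud code: it validates a planned route entry against the next hop types and routing-mode constraints listed above. The dict layout, the `check_route` name and the sample next hop IDs are assumptions, and only IPv4 and IPv6 CIDR destinations are covered, not prefix lists.

```python
import ipaddress

# Next hop types the page lists for each destination kind (console labels).
IPV4_HOPS = {"IPv4 Gateway", "NAT Gateway", "VPC Peering Connection",
             "Transit Router", "VPN Gateway", "ECS Instance", "ENI", "HaVip",
             "Router Interface (To VBR)", "Router Interface (To VPC)", "ECR"}
IPV6_HOPS = {"ECS Instance", "IPv6 Gateway", "ENI", "Router Interface (To VBR)",
             "ECR", "VPC Peering Connection"}
VBR = "Router Interface (To VBR)"

def check_route(entry):
    """Return the rule violations for one route entry (hypothetical dict layout)."""
    try:
        net = ipaddress.ip_network(entry["destination"], strict=False)
    except ValueError as exc:
        return [f"invalid destination CIDR block: {exc}"]
    problems = []
    hop_type = entry["next_hop_type"]
    if hop_type not in (IPV4_HOPS if net.version == 4 else IPV6_HOPS):
        problems.append(f"{hop_type} is not offered for IPv{net.version} destinations")
    if hop_type != VBR:
        return problems
    mode = entry.get("mode", "General Routing")
    weights = [w for _, w in entry.get("next_hops", [])]
    if mode == "Active/Standby Routing":
        if net.version == 6:
            problems.append("Active/Standby Routing is not listed for IPv6 destinations")
        if len(weights) != 2 or set(weights) != {0, 100}:
            problems.append("active/standby needs two next hops weighted 100 and 0")
    elif mode == "Load Balancing Routing":
        if not 2 <= len(weights) <= 8:
            problems.append("load balancing needs two to eight next hops")
        if len(set(weights)) > 1:
            problems.append("load-balanced next hops must share one weight")
        if any(not isinstance(w, int) or not 0 <= w <= 255 for w in weights):
            problems.append("weight must be an integer from 0 to 255")
    elif mode != "General Routing":
        problems.append(f"unknown routing mode: {mode}")
    return problems

# Constructed sample entries; the next hop IDs are placeholders, not real resources.
SAMPLES = [
    {"destination": "10.0.0.0/8", "next_hop_type": VBR, "mode": "Active/Standby Routing",
     "next_hops": [("ri-active", 100), ("ri-standby", 0)]},
    {"destination": "2001:db8::/32", "next_hop_type": "NAT Gateway"},
    {"destination": "172.16.0.0/12", "next_hop_type": VBR, "mode": "Load Balancing Routing",
     "next_hops": [("ri-a", 50), ("ri-b", 60), ("ri-c", 300)]},
]
for sample in SAMPLES:
    print(sample["destination"], check_route(sample) or "ok")
```

Running such a check in change review catches a route whose next hop the console would not offer for that destination type, or whose weights would break the intended failover or load-balancing behavior.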

Step 3: Associate the custom route table with a vSwitch

You can associate the custom route table with a vSwitch to manage the routes of the vSwitch. Each vSwitch can be associated with only one system route table or one custom route table.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, click Route Tables.

  3. In the top navigation bar, select the region to which the route table belongs.

  4. On the Route Tables page, find the custom route table that you want to manage and click its ID.

  5. On the details page of the route table, click the Associated vSwitch tab and click Associate vSwitch.

  6. In the Associate vSwitch dialog box, select the vSwitch that you want to associate and click OK.

    On the Associate vSwitch tab, click the vSwitch ID in the vSwitch column to go to the vSwitch details page. Then, click the Route tab. In the Associated with Route Table section, you can verify that the route table associated with the vSwitch is a custom route table.